Merge pull request #218 from CESNET/fix-parser-tcpoptions

hynekkar · web-flow · commit b775de3659c9 · 2024-09-18T14:41:19.000+02:00
Fix parser tcpoptions
diff --git a/input/parser.cpp b/input/parser.cpp
@@ -503,7 +503,9 @@ inline uint16_t parse_tcp_hdr(const u_char *data_ptr, uint16_t data_len, Packet
       uint8_t opt_len = (opt_kind <= 1 ? 1 : *(opt_ptr + 1));
       DEBUG_MSG("\t\t%u: len=%u\n", opt_kind, opt_len);
 
-      pkt->tcp_options |= ((uint64_t) 1 << opt_kind);
+      // according to ipfix standard, tcp option flags are reversed from the bit indices in each byte
+      // see https://www.iana.org/assignments/ipfix/ipfix.xhtml, entity no. 209 - tcpOptions
+      pkt->tcp_options |= uint64_t(1) << ((opt_kind & 0xF8) + (0x07 - (opt_kind&0x07)));
       if (opt_kind == 0x00) {
          break;
       } else if (opt_kind == 0x02) {
diff --git a/process/basicplus.cpp b/process/basicplus.cpp
@@ -93,10 +93,11 @@ int BASICPLUSPlugin::pre_update(Flow &rec, Packet &pkt)
       p->ip_ttl[1]  = pkt.ip_ttl;
       p->ip_flg[1]  = pkt.ip_flags;
       p->tcp_mss[1] = pkt.tcp_mss;
-      p->tcp_opt[1] = pkt.tcp_options;
       p->tcp_win[1] = pkt.tcp_window;
       p->dst_filled = true;
    }
+   // update tcp options mask across the tcp flow
+   p->tcp_opt[dir] |= pkt.tcp_options;
    return 0;
 }
 
diff --git a/tests/functional/reference/basicplus b/tests/functional/reference/basicplus
@@ -1,10 +1,10 @@
-54.175.219.8,192.168.0.30,131,4074,0,258,258,2016-04-07T18:23:33.012019,2016-04-07T18:23:33.158195,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,2,0,0,80,44338,0,229,280,0,2,2,64,41,6,24,24
-54.175.219.8,192.168.0.30,137,305,0,258,258,2016-04-07T18:23:31.194983,2016-04-07T18:23:31.405022,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,1,0,0,80,44328,0,229,279,0,2,2,64,41,6,24,24
-54.175.219.8,192.168.0.30,190,12692,0,258,258,2016-04-07T18:23:31.967204,2016-04-07T18:23:32.139824,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,6,0,0,80,44332,0,229,279,0,2,2,64,41,6,24,24
-54.175.219.8,192.168.0.30,194,477,0,258,258,2016-04-07T18:23:32.672966,2016-04-07T18:23:32.841347,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,1,0,0,80,44336,0,229,279,0,2,2,64,41,6,24,24
-54.175.219.8,192.168.0.30,195,595,0,258,258,2016-04-07T18:23:33.331016,2016-04-07T18:23:33.554300,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,1,0,0,80,44340,0,229,279,0,2,2,64,41,6,24,24
-54.175.219.8,192.168.0.30,199,8564,0,258,258,2016-04-07T18:23:34.353031,2016-04-07T18:23:34.496023,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,5,0,0,80,44344,0,229,279,0,2,2,64,41,6,24,24
-54.175.222.246,192.168.0.30,130,459,0,258,258,2016-04-07T18:23:32.300116,2016-04-07T18:23:32.535279,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,1,0,0,80,44586,0,229,280,0,2,2,64,41,6,24,24
-54.175.222.246,192.168.0.30,138,0,0,258,0,2016-04-07T18:23:31.598243,2016-04-07T18:23:31.598243,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,0,0,0,80,44582,0,229,0,0,2,0,64,0,6,24,0
-54.175.222.246,192.168.0.30,200,36844,0,258,258,2016-04-07T18:23:33.713573,2016-04-07T18:23:34.034665,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,20,0,0,80,44594,0,229,279,0,2,2,64,41,6,24,24
+54.175.219.8,192.168.0.30,131,4074,0,32832,32832,2016-04-07T18:23:33.012019,2016-04-07T18:23:33.158195,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,2,0,0,80,44338,0,229,280,0,2,2,64,41,6,24,24
+54.175.219.8,192.168.0.30,137,305,0,32832,32832,2016-04-07T18:23:31.194983,2016-04-07T18:23:31.405022,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,1,0,0,80,44328,0,229,279,0,2,2,64,41,6,24,24
+54.175.219.8,192.168.0.30,190,12692,0,32832,32832,2016-04-07T18:23:31.967204,2016-04-07T18:23:32.139824,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,6,0,0,80,44332,0,229,279,0,2,2,64,41,6,24,24
+54.175.219.8,192.168.0.30,194,477,0,32832,32832,2016-04-07T18:23:32.672966,2016-04-07T18:23:32.841347,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,1,0,0,80,44336,0,229,279,0,2,2,64,41,6,24,24
+54.175.219.8,192.168.0.30,195,595,0,32832,32832,2016-04-07T18:23:33.331016,2016-04-07T18:23:33.554300,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,1,0,0,80,44340,0,229,279,0,2,2,64,41,6,24,24
+54.175.219.8,192.168.0.30,199,8564,0,32832,32832,2016-04-07T18:23:34.353031,2016-04-07T18:23:34.496023,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,5,0,0,80,44344,0,229,279,0,2,2,64,41,6,24,24
+54.175.222.246,192.168.0.30,130,459,0,32832,32832,2016-04-07T18:23:32.300116,2016-04-07T18:23:32.535279,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,1,0,0,80,44586,0,229,280,0,2,2,64,41,6,24,24
+54.175.222.246,192.168.0.30,138,0,0,32832,0,2016-04-07T18:23:31.598243,2016-04-07T18:23:31.598243,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,0,0,0,80,44582,0,229,0,0,2,0,64,0,6,24,0
+54.175.222.246,192.168.0.30,200,36844,0,32832,32832,2016-04-07T18:23:33.713573,2016-04-07T18:23:34.034665,78:44:76:36:98:19,dc:53:60:2b:6a:4c,1,20,0,0,80,44594,0,229,279,0,2,2,64,41,6,24,24
 ipaddr DST_IP,ipaddr SRC_IP,uint64 BYTES,uint64 BYTES_REV,uint64 LINK_BIT_FIELD,uint64 TCP_OPT,uint64 TCP_OPT_REV,time TIME_FIRST,time TIME_LAST,macaddr DST_MAC,macaddr SRC_MAC,uint32 PACKETS,uint32 PACKETS_REV,uint32 TCP_MSS,uint32 TCP_MSS_REV,uint16 DST_PORT,uint16 SRC_PORT,uint16 TCP_SYN_SIZE,uint16 TCP_WIN,uint16 TCP_WIN_REV,uint8 DIR_BIT_FIELD,uint8 IP_FLG,uint8 IP_FLG_REV,uint8 IP_TTL,uint8 IP_TTL_REV,uint8 PROTOCOL,uint8 TCP_FLAGS,uint8 TCP_FLAGS_REV

Original file line number	Diff line number	Diff line change
`@@ -93,10 +93,11 @@ int BASICPLUSPlugin::pre_update(Flow &rec, Packet &pkt)`
`93`	`93`	`p->ip_ttl[1] = pkt.ip_ttl;`
`94`	`94`	`p->ip_flg[1] = pkt.ip_flags;`
`95`	`95`	`p->tcp_mss[1] = pkt.tcp_mss;`
`96`		`- p->tcp_opt[1] = pkt.tcp_options;`
`97`	`96`	`p->tcp_win[1] = pkt.tcp_window;`
`98`	`97`	`p->dst_filled = true;`
`99`	`98`	`}`
	`99`	`+ // update tcp options mask across the tcp flow`
	`100`	`+ p->tcp_opt[dir] \|= pkt.tcp_options;`
`100`	`101`	`return 0;`
`101`	`102`	`}`
`102`	`103`